AUDIT: Honour audit_backlog_limit again.
David Woodhouse [Thu, 19 May 2005 13:55:56 +0000 (14:55 +0100)]
The limit on the number of outstanding audit messages was inadvertently
removed with the switch to queuing skbs directly for sending by a kernel
thread. Put it back again.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

kernel/audit.c

index bbc6f54..4158141 100644 (file)
@@ -613,6 +613,18 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, int type)
        if (!audit_initialized)
                return NULL;
 
+       if (audit_backlog_limit
+           && skb_queue_len(&audit_skb_queue) > audit_backlog_limit) {
+               if (audit_rate_check())
+                       printk(KERN_WARNING
+                              "audit: audit_backlog=%d > "
+                              "audit_backlog_limit=%d\n",
+                              skb_queue_len(&audit_skb_queue),
+                              audit_backlog_limit);
+               audit_log_lost("backlog limit exceeded");
+               return NULL;
+       }
+
        ab = audit_buffer_alloc(ctx, GFP_ATOMIC, type);
        if (!ab) {
                audit_log_lost("out of memory in audit_log_start");